Information processing apparatus, control method for controlling the information processing apparatus in a maintenance mode, and storage medium

ABSTRACT

In an information processing apparatus and a method of controlling the same, settings for prohibiting an access to a removable medium is performed, and even if the setting is set, the access to the removable medium is permitted in a case where the information processing apparatus is activated in the maintenance mode.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a Continuation of U.S. patent applicationSer. No. 15/434,234, filed Feb. 16, 2017, which itself is a Continuationof U.S. patent application Ser. No. 14/541,467, filed Nov. 14, 2014, andissued as U.S. Pat. No. 9,607,180 on Mar. 28, 2017, which claims thebenefit of Japanese Patent Application No. 2013-240257, filed Nov. 20,2013 and Japanese Patent Application No. 2014-115316, filed Jun. 3,2014, the entire disclosures of which are all hereby incorporated byreference herein.

BACKGROUND OF THE INVENTION Field of the Invention

The present invention relates to an information processing apparatus, amethod of controlling the same, and a storage medium.

Description of the Related Art

In recent years, due to an increase in the number of functions ofinformation processing apparatuses (hereinafter referred to as devices)such as PCs (Personal Computer), multi function peripherals, or thelike, devices in offices are provided with many settings. As aconsequence, device setting has become complicated, and there is thepossibility that the device will be operated with a setting for whichthere is a risk from a security perspective based on the operationenvironment of the device. For this reason, it is advantageous thatsettings of a device in an office be operated in accordance with asecurity policy (hereinafter referred to as a policy) that a securitymanager, who manages security in the office, has established. In a largescale office environment, in many cases, the security manager is adifferent person to the administrator of the devices of the office. Inother words, the administrator of the devices manages devices for whichsetting is performed in accordance with a policy established by thesecurity manager. Accordingly, a general user uses a device which ismanaged by the administrator, and for which setting in accordance withthe policy established by the security manager is performed.

An example of such a policy is a policy for prohibiting the usage of USB(Universal Serial Bus) with the objective of preventing informationleakage from a USB memory (hereinafter referred to as a USB usageprohibition policy). Also, another example of such a policy is a policyof forcing the usage of a TPM (Trusted Platform Module), for example,with the objective of safely managing confidential data within devices(hereinafter referred to as a forced TPM usage policy). A TPM is asecurity chip that has a tamper resistance and is capable of safelymanaging an encryption key. In general, devices equipped with TPMrealize encryption of confidential data and safe management ofconfidential data by safely managing a key used for the encryptionwithin the TPM.

Furthermore, there is demand for optimization of work that is applied tocomplicated settings for multiple devices, and an approach forperforming multiple settings for multiple devices via a network has beenproposed in Japanese Patent Laid-Open No. 2005-99949, for example. Withthis, it becomes possible for a security manager, or the like, tooperate devices in an office with settings in accordance with a unifiedpolicy by performing multiple settings via the network on the devices inthe office.

There are cases where a specialist worker, dispatched from a supportcenter of a device dealer, determines a condition of a device in anoffice for maintenance, or upon an occurrence of a malfunction. In sucha case, there are cases in which information for analyzing the conditionof the device (hereinafter referred to as a log) is stored in a USBmemory. Here, in a case where the USB usage prohibition setting isperformed for the device, the log cannot be obtained via a USB I/Funless the USB usage prohibition setting is released by the securitymanager. In other words, there is a problem in that with deviceoperation under the USB usage prohibition setting, while security isimproved, convenience is reduced due to the fact that requiredinformation cannot be obtained via USB when necessary.

In addition, in a case where a TPM is used, a backup of an encryptionkey managed in the TPM (hereinafter referred to as a TPM key) isnecessary in preparation for a case in which a malfunction or a loss ofthe TPM occurs. Such a backup of the TPM key is performed by obtainingthe TPM key by USB in many cases. However, in such cases, the backup ofthe TPM key cannot be taken if the USB usage prohibition setting and theTPM usage setting are set for the device by the security manager. Inother words, the USB usage prohibition setting and the TPM usage settingare contentious and cannot both be set. In such a case, it is necessaryfor the security manager to first release the USB usage prohibitionsetting on all of the devices set in accordance with the policy, andthen, after the backup of the TPM key has been completed on all of thedevices, to once again perform the USB usage prohibition setting, andthis is inconvenient.

SUMMARY OF THE INVENTION

An aspect of the present invention is to eliminate the above-mentionedproblems with conventional technology.

A feature of the present invention is to provide a technique by which,for example, a log or a backup of a TPM key to a storage device is madepossible even in a case where access to the storage device isprohibited.

The present invention in its first aspect provides an informationprocessing apparatus, comprising: a setting unit configured to performsetting for prohibiting an access to a removable medium; and acontroller configured to control, even if the setting is set by thesetting unit, to permit access to the removable medium in a case wherethe information processing apparatus is activated in a maintenance mode.

The present invention in its second aspect provides a method ofcontrolling an information processing apparatus having a connection unitfor connecting a storage device, the method comprising: a setting stepof performing settings for prohibiting an access to a removable medium;and a control step of controlling, even if the setting is set in thesetting step, to permit access to the removable medium in a case wherethe information processing apparatus is activated in a maintenance mode.

Further features of the present invention will become apparent from thefollowing description of exemplary embodiments with reference to theattached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate embodiments of the invention and,together with the description, serve to explain the principles of theinvention.

FIG. 1 depicts a view illustrating an example of configuration of anetwork comprising a multi function peripheral according to a firstembodiment of the present invention.

FIG. 2 is a block diagram for explaining a hardware configuration of themulti function peripheral according to the first embodiment.

FIG. 3 is a block diagram for showing a software configuration of themulti function peripheral according to the first embodiment.

FIG. 4 is a flowchart for describing processing to make possible a usageof USB by an activation mode of the multi function peripheral in a casewhere a USB usage prohibition is set on the multi function peripheralaccording to the first embodiment.

FIG. 5 is a flowchart for describing control processing for when themulti function peripheral according to the first embodiment receivesdata of a USB usage prohibition policy or a forced TPM usage policy.

FIG. 6 depicts a view illustrating an example of an error screendisplayed on a UI of the multi function peripheral according to thefirst embodiment and a second embodiment.

FIG. 7 is a flowchart for describing TPM key backup processing by themulti function peripheral according to the second embodiment.

FIG. 8 depicts a view illustrating an example of a warning screendisplayed in the multi function peripheral according to the secondembodiment when the backup of the TPM key has yet to be completed.

FIG. 9 depicts a view for showing an example of a screen for queryingwhether or not to execute the backup of the TPM key in the multifunction peripheral according to the second embodiment.

FIG. 10 is a flowchart for describing the TPM key backup processing ofstep S712 of FIG. 7.

FIG. 11 depicts a view illustrating an example of a password inputrequest screen that the multi function peripheral displays in step S1001of FIG. 10 according to the second embodiment.

FIG. 12 depicts a view illustrating an example of a warning screendisplayed by the multi function peripheral according to the secondembodiment.

FIG. 13 is a flowchart for describing TPM key backup processing by themulti function peripheral according to a third embodiment of the presentinvention.

FIG. 14 is a block diagram for explaining a software configuration ofthe multi function peripheral according to a fourth embodiment of thepresent invention.

FIG. 15 is a flowchart for describing control that makes possible theusage of a USB device by an operation mode in a case where a USB usageprohibition is set in the multi function peripheral according to thefourth embodiment.

FIG. 16 is a flowchart for describing processing of step S1506 of FIG.15 or step S1706 of FIG. 17.

FIG. 17 is a flowchart for describing processing by the multi functionperipheral according to a fifth embodiment.

FIG. 18 depicts a view for explaining an example of a modification ofthe operation mode in the multi function peripheral according to thefourth embodiment.

FIG. 19 is a flowchart for describing processing of step S1515 of FIG.15 or step S1718 of FIG. 17.

DESCRIPTION OF THE EMBODIMENTS

Embodiments of the present invention will now be described hereinafterin detail, with reference to the accompanying drawings. It is to beunderstood that the following embodiments are not intended to limit theclaims of the present invention, and that not all of the combinations ofthe aspects that are described according to the following embodimentsare necessarily required with respect to the means to solve the problemsaccording to the present invention.

First Embodiment

The first embodiment of the present invention relates to control forenabling a usage of USB memory by an activation mode in a case where aUSB usage prohibition setting (a setting for prohibiting access to a USBmemory connected to a USB I/F) has been set in the informationprocessing apparatus. With this, even if operation of the informationprocessing apparatus is being carried out under the USB usageprohibition setting, usage of the USB becomes possible in apredetermined circumstance such as during maintenance of the informationprocessing apparatus by a serviceman. Note that in the embodimentsexplained below, explanation is given with reference to a multi functionperipheral 101 according to embodiments, which is one example of aninformation processing apparatus.

FIG. 1 depicts a view illustrating an example configuration of a networkcomprising the multi function peripheral 101 according to a firstembodiment of the present invention.

The multi function peripheral 101 and a server (the management terminal)102 are connected via a network 103. The server 102 is capable ofperforming multiple settings on the multi function peripheral 101 viathe network 103. Note that in the first embodiment, an example is shownin which only one of each of the server 102 and the multi functionperipheral 101 is connected via the network 103, but the presentinvention is not limited to this.

FIG. 2 is a block diagram for explaining a hardware configuration of themulti function peripheral 101 according to the first embodiment.

A network interface (I/F) 201 performs communication with an externaldevice such as the server 102 via the network 103. A UI (user interface)202 comprises an operation panel equipped with a display unit, and alongwith accepting settings for the multi function peripheral 101, the UI202 displays various information, and enables operation by a user. A CPU203 deploys into a RAM 204, and executes, a program code stored in astorage unit 205, and performs overall control of the multi functionperipheral 101. The RAM 204 stores program code that the CPU 203executes and temporarily stores various information such as, image data,and the like. The storage unit 205 stores various information such asthe program code, image data, and the like. A scanner engine 206optically scans an image printed on a sheet, and output image data ofthe image. A printer engine 207 prints an image onto a sheet inaccordance with image data. The printer engine 207 is anelectrophotographic printer engine, an ink-jet printer engine, or thelike. A TPM chip 208 safely saves a key for encrypting confidential datasaved on the storage unit 205, or the like. The TPM chip 208 is asecurity chip referred to as a TPM (Trusted Platform Module) havingtamper resistance. A USB I/F 209 is a USB interface for connecting a USBmemory 210 to the multi function peripheral 101.

FIG. 3 is a block diagram for showing a software configuration of themulti function peripheral 101 according to the first embodiment. Here,while there is no particular limitation, control modules and anencryption processing module are realized by control programs stored inthe storage unit 205, and by the CPU 203 executing these controlprograms, the functions corresponding to each module are realized.

A UI control module 301 controls the UI 202, and accepts requests suchthose for a display of various information to the UI 202, or for inputby a user via the UI 202. A communication control module 302 performsdata transmission and receiving via the network I/F 201. A USB controlmodule 303 controls loading and unloading of a USB driver (a massstorage class driver), recognizes the USB memory 210 connected to theUSB I/F 209, and performs a writing of data into the USB memory 210, anda reading out of data from the USB memory 210. A TPM control module 304performs control relating to the TPM chip 208 such as encryption anddecryption of data by the TPM chip 208 and management of keys. A settingvalue control module 305 performs a modification of various settingsrelating to the multi function peripheral 101 which are saved on thestorage unit 205. An activation control module 306 executes anactivation mode in accordance with a predetermined activation pattern.For example, in this embodiment, the multi function peripheral 101 isprovided with two activation patterns: a normal mode and a maintenancemode. Here, the normal mode is a general activation mode, and in thenormal mode, the user simply turns on a power switch to activate themulti function peripheral 101. The maintenance mode is a mode forperforming special work, and is a mode for a worker of a support center,or the like, (hereinafter referred to as a serviceman) performing anactivation operation upon maintenance work, the occurrence of amalfunction, or the like, for example. An activation in the maintenancemode is enabled only in a case where the serviceman activates the multifunction peripheral 101 in accordance with a predetermined procedure,and the activation procedure is not published to general users, and isonly known by the serviceman. In this way, when the multi functionperipheral 101 is activated in the normal mode or the maintenance mode,the activation control module 306 saves the activation mode in thestorage unit 205. A print control module 307 performs print processingby controlling the scanner engine 206 and the printer engine 207. Anencryption processing module 308 performs encryption related processingand certificate related processing.

FIG. 5 is a flowchart for describing control processing for when themulti function peripheral 101 according to the first embodiment receivesdata of a USB usage prohibition policy or a forced TPM usage policy fromthe server 102. This processing is realized by the CPU 203 executing aprogram deployed into the RAM 204, but here explanation is given withthe processing being performed by the control modules shown in FIG. 3.

In step S501, the communication control module 302 receives, from theserver 102, via the network I/F 201, list data of setting informationfor complying with a policy (hereinafter referred to as policy data).With this, the processing proceeds to step S502, and the setting valuecontrol module 305 updates a setting value based upon policy datareceived in step S501. Specifically, it is determined whether or not aUSB usage prohibition policy is included as a policy to be enabled inthe policy data. Then, if it is determined that the USB usageprohibition policy is included, the processing proceeds to step S503,and the setting value control module 305 turns on a predeterminedsetting value corresponding to the USB usage prohibition setting savedin the storage unit 205. Note that if, in step S502, the USB usageprohibition policy is not included, step S503 is skipped, and theprocessing proceeds to step S504.

In step S504, the setting value control module 305 determines whether ornot the forced TPM usage policy is included in policy data as a policyto be enabled. Here, if it is determined that the forced TPM usagepolicy is included, the processing proceeds to step S505, and thesetting value control module 303 turns on a setting value correspondingto the forced TPM usage policy saved in the storage unit 205 and theprocessing ends. In step S504, if it is not determined that the forcedTPM usage policy is included, then the processing ends.

In this way, the server 102 is able to perform, for the multi functionperipheral 101, a USB usage prohibition setting and a forcing setting sothat the TPM is used.

FIG. 4 is a flowchart for describing processing to make possible a usageof USB by an activation mode of the multi function peripheral 101 in acase where a USB usage prohibition on the multi function peripheral 101according to the first embodiment is set. This processing is realized bythe CPU 203 executing a program deployed into the RAM 204, but hereexplanation is given with the processing being performed by the controlmodules shown in FIG. 3. In the present embodiment, in a case where theUSB memory 210 is not connected to the USB I/F 209, i.e. in a case wherethe USB control module 303 does not recognize the USB memory 210, the UIcontrol module 301 does not display a screen for performing a request towrite into the USB memory 210.

Firstly, in step S401, the UI control module 301 determines whether ornot there is a request to write into the USB memory 210 from the UI 202.In step S401, if it is determined that there is the request to writeinto the USB memory 210, the processing proceeds to step S402, and theactivation control module 306 determines whether a predetermined settingvalue corresponding to the maintenance mode saved in the storage unit205 is turned on (whether the maintenance mode is activated). If it isdetermined that the setting value is turned on (activation in themaintenance mode) in step S402, the processing proceeds to step S404,the USB control module 303 controls so as to write the data requested instep S401 into the USB memory 210, and the processing completes.

On the other hand, if it is determined that the setting value is turnedoff (activation in the normal mode) in step S402, the processingproceeds to step S403, and the USB control module 303 determines whetherthe predetermined setting value saved in the storage unit 205corresponding to the USB usage prohibition setting is turned on (whetherthe USB usage prohibition setting is enabled). In step S403, if it isdetermined that the setting value is turned off (the USB usageprohibition setting is disabled), the processing proceeds to step S404,and the USB control module 303 writes into the USB memory 210 the datafor which the request is made in step S401. On the other hand, in stepS403, if it is determined that the setting value is turned on (the USBusage prohibition setting is enabled), the processing proceeds to stepS405, and the UI control module 301 performs an error notification bydisplaying an error screen as illustrated in FIG. 6, for example, to theUI 202.

FIG. 6 depicts a view illustrating an example of an error screendisplayed on the UI 202 of the multi function peripheral 101 accordingto embodiments.

In this screen, because usage of USB is prohibited, it is displayed thatwriting into the USB memory cannot be performed.

By the first embodiment, as explained above, even for a device uponwhich the setting for prohibiting the usage of the USB memory isenabled, it becomes possible to write into the USB memory a log, or aTPM key, by a serviceman performing a predetermined activation. Morespecifically, by the serviceman activating the device in the maintenancemode, a log can be obtained from the USB memory 210 connected via theUSB I/F 209 even if a setting for prohibiting the usage of the USBmemory is made. Also, there is the effect that it is possible to performa backup of a TPM key using the USB memory.

Second Embodiment

In the first embodiment described above, explanation was given for anexample in which the obtainment of information from the USB memory ispossible if the serviceman knows the predetermined activation procedure,even if a setting for prohibiting the usage of the USB is made. However,in the first embodiment, an administrator of the device who is adifferent person from the security manager (hereinafter referred to asthe administrator) cannot perform the backup of the TPM key. If theadministrator can perform the backup of the TPM key, it is possible totake the backup of the TPM key immediately without relying upon theserviceman when the TPM usage setting is turned on due to the forced TPMusage policy, or the like, and so convenience is improved, and this isadvantageous for operation.

In the second embodiment, explanation will be given for control thatenables the administrator to perform the backup of the TPM key in anormal mode activation even in a case where it is requested that the USBusage prohibition setting and the usage setting for the TPM both beused. In other words, even if the multi function peripheral 101 isactivated in the normal activation mode and the setting for prohibitingaccess to the USB memory and the TPM usage setting are set, the backupof the TPM key to the USB memory is allowed under the condition that thebackup of the TPM key has not been performed. Note that in the secondembodiment, it is assumed that the TPM related setting for the backup ofthe TPM key, or the like, can only be performed by an operatorauthenticated as the administrator. Also, because the hardwareconfiguration of the multi function peripheral 101 and the systemconfiguration according to the second embodiment are the same as in thecase of the previously described first embodiment, their explanationwill be omitted.

FIG. 7 is a flowchart for describing TPM key backup processing by themulti function peripheral 101 according to the second embodiment. Thisprocessing is realized by the CPU 203 executing a program deployed intothe RAM 204, but here explanation is given with the processing beingperformed by the control modules shown in FIG. 3. Note that theprocessing of step S701 and step S702 is the same as step S401 and stepS402 of FIG. 4 of the first embodiment, and so explanation is omitted.

In step S702, the setting value control module 305 determines whether ornot the activation mode is the maintenance mode, and if so, theprocessing proceeds to step S703, and the USB control module 303 writesinto the USB memory 210 via the USB I/F 209 the data for which therequest is received in step S701, and the processing completes. This isthe same as in the case of the previously described first embodiment.

Meanwhile, in step S702, if it is determined that the activation mode isthe normal mode, the processing proceeds to step S704, and the USBcontrol module 303 determines whether the predetermined setting valuecorresponding to the USB usage prohibition setting saved in the storageunit 205 is turned on (whether the USB usage prohibition setting isenabled). If, in step S704, it is determined that the setting value isturned off (the USB usage prohibition setting is disabled), theprocessing proceeds to step S703, and the USB control module 303 writesthe data for which the request is received in step S701 into the USBmemory 210. This is similar to the normal processing of the firstembodiment.

Meanwhile, in step S704, if it is determined that the setting value isturned on (the USB usage prohibition setting is enabled), the processingproceeds to step S705, and the TPM control module 304 determines whetheror not the predetermined setting value corresponding to the TPM usagesetting saved in the storage unit 205 is turned on. In a case where thesetting value is turned off (the TPM usage setting is disabled) in stepS705, the processing proceeds to step S711, the UI control module 301performs an error notification by displaying an error screen such asthat of FIG. 6, for example, to the UI 202, and the processingcompletes. Here, if there is the request to write into the USB memory,it is displayed that the usage of the USB is prohibited, and access tothe USB is denied because the usage of the USB is prohibited and the TPMusage setting is disabled.

Also, in a case where it is determined, in step S705, that the TPM usagesetting is enabled, the processing proceeds to step S706, and the TPMcontrol module 304 determines whether or not the backup of the TPM keyhas been executed, by whether or not the setting value corresponding tothe condition for execution of the backup of the TPM key saved in thestorage unit 205 is turned off. If, in step S706, the setting value isturned on (the backup of the TPM key already performed), the processingproceeds to step S711, and the UI control module 301 performs an errornotification by performing a display such as that of FIG. 6, forexample, to the UI 202. Here, because the usage of the USB isprohibited, and the backup of the TPM key is already executed when thereis the request to write into the USB memory, it is displayed that theusage of the USB memory is prohibited, and access to the USB memory isdenied.

Meanwhile, in a case where, in step S706, the setting value is turnedoff (the backup has not been executed), the following processing, whichis a characteristic of the second embodiment, is executed. Firstly, theprocessing proceeds to step S707, and the setting value control module305 modifies the predetermined setting value corresponding to the USBusage prohibition setting saved in the storage unit 205 to be off. Inother words, the USB memory 210 is made to be accessible by disablingthe usage prohibition setting of the USB memory 210. Next, theprocessing proceeds to step S708, and the UI control module 301 makes anotification of a request for execution of the backup of the TPM key bydisplaying a screen such as that of FIG. 8, for example, to the UI 202.

FIG. 8 depicts a view for illustrating an example of a warning screendisplayed in the multi function peripheral 101 according to the secondembodiment when the backup of the TPM key has not been completed.

On this screen, it is displayed that the backup of the TPM key has notbeen completed, and that the USB usage prohibition setting cannot beperformed until the backup of the TPM key is completed. When, an OKbutton 801 is pressed by a user on this screen, the processing proceedsto step S709, and transition to a screen for execution of the backup ofthe TPM key, as shown in FIG. 9, for example, is made.

FIG. 9 depicts a view for showing an example of a screen for queryingwhether or not to execute the backup of the TPM key in the multifunction peripheral 101 according to the second embodiment.

When, a user presses an “execute” button 901 on the screen of FIG. 9,the processing proceeds to step S712 from step S710, and the backup ofthe TPM key is executed in accordance with the flowchart of FIG. 10, forexample.

FIG. 10 is a flowchart for describing the TPM key backup processing ofstep S712 of FIG. 7.

Firstly, in step S1001, the UI control module 301 displays a passwordinput request screen as shown in FIG. 11, for example to the UI 202.

FIG. 11 depicts a view illustrating an example of a password inputrequest screen that the multi function peripheral 101 displays in stepS1001 of FIG. 10 according to the second embodiment.

When a user inputs a password into a password input field 1101 in thisscreen and presses an OK button 1102, the input password is accepted.

When the password input completes and an authentication of the usersucceeds in step S1001, the processing proceeds to step S1002, and theencryption processing module 308 performs a format conversion of the TPMkey based on the inputted password. In other words, the TPM key isconverted into a PKCS #12 (Public Key Cryptography Standard #12) format.Next, the processing proceeds to step S1003, and the encryptionprocessing module 308 archives the format converted TPM key, along withpredetermined information by which the multi function peripheral 101 canrecognize the format converted TPM key to be the TPM key. Next, theprocessing proceeds to step S1004, and the USB control module 303executes the backup of the TPM key by writing the TPM key into the USBmemory 210. Then, the processing proceeds to step S1005, and the USBcontrol module 303 determines whether or not the writing into the USBmemory 210 succeeds. In step S1005, if the USB control module 303determines that the writing into the USB memory 210 succeeds, theprocessing proceeds to step S1006, and the setting value control module305 sets the predetermined setting value corresponding to the conditionfor execution of the backup of the TPM key saved in the storage unit 205to be on (already executed). Then, the processing completes.

Meanwhile, in a case where the USB control module 303, in step S1005,determines that the writing into the USB memory 210 fails, theprocessing proceeds to step S1007, the UI control module 301 displays apredetermined error notification screen (not shown here) to the UI 202,and the processing completes.

Once again the processing proceeds to step S713 of FIG. 7, and if theUSB control module 303 determines that the backup of the TPM keysucceeds, the processing proceeds to step S714, and the setting valuecontrol module 305 sets the predetermined setting value corresponding tothe USB usage prohibition setting saved in the storage unit 205 to beon. In other words, the USB usage prohibition setting is enabled, andthe processing completes.

Meanwhile, in a case where the cancel button 902 is pressed in step S715without the execution button 901 being pressed on the screen of FIG. 9,or in a case where the backup of the TPM key fails in step S713, theprocessing proceeds to step S716. In step S716, the UI control module301 displays a warning screen, such as that of FIG. 12, for example, andthe processing completes.

FIG. 12 depicts a view for illustrating an example of a warning screendisplayed by the multi function peripheral 101 according to the secondembodiment.

In this screen, it is displayed that until the backup of the TPM keycompletes, the USB usage setting prohibition will not be enabled, andthe user is instructed so that the user performs the backup of the TPMkey.

By the second embodiment, as explained above, it is possible toconfigure such that even in a case where it is requested that the USBusage prohibition setting and the TPM usage setting be used together,the USB usage prohibition setting is not enabled until the backup of theTPM key is completed. With this, it becomes possible for theadministrator to perform the backup of the TPM key even if the multifunction peripheral 101 is activated in the normal mode, while the USBusage setting prohibition and the TPM usage setting are set.

Third Embodiment

In the previously described second embodiment, explanation was given fora case in which the USB usage prohibition setting is not enabled untilthe administrator completes the backup of the TPM key.

In the third embodiment, in a case where it is requested that the USBusage prohibition setting and the TPM usage setting be used together onthe multi function peripheral 101, the USB usage prohibition setting isenabled even if the backup of the TPM key is not executed. However,explanation will be given for a case in which the writing into the USBmemory is allowed only in the exceptional case in which it is the TPMkey that is to be written into the USB memory. In other words, even whenthe setting prohibiting access to the USB and the TPM usage setting aremade when the multi function peripheral 101 activates in the normalactivation mode, the backup of the TPM key to the USB memory is allowedunder the condition that access to the USB memory is for the backup ofthe TPM key. Note that the hardware configuration of the multi functionperipheral 101 and the system configuration according to the thirdembodiment are the same as in the case of the previously described firstembodiment, and so their explanation will be omitted.

FIG. 13 is a flowchart for describing TPM key backup processing by themulti function peripheral 101 according to the third embodiment of thepresent invention. This processing is realized by the CPU 203 executinga program deployed into the RAM 204, but here explanation is given withthe processing being performed by the control modules shown in FIG. 3.Note that in FIG. 13, because the processing of step S1301 and stepS1302 is similar to that of step S401 and step S402 of FIG. 4 of thefirst embodiment, their explanations are omitted.

In a case where the setting control module 305, in step S1302,determines that the activation is in the normal mode, the processingproceeds to step S1304, and the TPM control module 304 determineswhether or not the predetermined setting value corresponding to the TPMusage setting saved in the storage unit 205 is turned on (whether theTPM usage setting is enabled). In a case where the TPM control module304, in step S1304, determines that the TPM usage setting is notenabled, the processing proceeds to step S1308, the UI control module301 performs an error notification by performing a display such as isshown in FIG. 6, for example, on the UI 202, and the processingcompletes. This is because the USB usage prohibition setting and the TPMusage setting are not set.

In a case where, in step S1304, the TPM control module 304 determinesthat the TPM usage setting is enabled, the processing proceeds to stepS1305, and the USB control module 303 determines whether or not thepredetermined setting value corresponding to the USB usage prohibitionsetting saved in the storage unit 205 is turned on (USB usageprohibition). If, in step S1305, it is determined that the USB usageprohibition is set, the processing proceeds to step S1306, and if theUSB usage prohibition is not set, the processing proceeds to step S1308,and the UI control module 301 performs an error notification byperforming a display such as that of FIG. 6, for example, to the UI 202.This is because, since it is assumed that if the TPM usage setting isenabled, the USB usage prohibition will be set, and if the USB usageprohibition is not set, this is processed as an error.

If, in step S1305, the USB control module 303 determines that the USBusage prohibition setting is turned on, the processing proceeds to stepS1306, and the UI control module 301 waits for receipt of the request towrite into the USB memory 210 from the UI 202. If, in step S1306, thereis the request to write into the USB memory 210, the processing proceedsto step S1307, and the USB control module 303 determines whether or notit is the TPM key that is to be written into the USB memory 210. It ispossible, for the determination approach as to whether it is the TPM keythat is to be written, to determine whether or not what is to be writtenis the predetermined information of the TPM key formed by step S1003,for example. If, in step S1307, the USB control module 303 determinesthat it is a writing of the TPM key, the processing proceeds to stepS1303, the USB control module 303 executes the writing into the USBmemory 210, and the processing completes. Meanwhile, in step S1307, ifit is determined that the target of the writing is not the TPM key, theprocessing proceeds to step S1308, the UI control module 301 performs anerror notification by performing a display such as that of FIG. 6, forexample, to the UI 202, and the processing completes.

As explained above, by virtue of the third embodiment, the USB usageprohibition setting is enabled in a case where it is requested that theUSB usage prohibition setting and the TPM usage setting both be used onthe multi function peripheral, even if the backup of the TPM key is notexecuted. However, it becomes possible for the administrator to performthe backup of the TPM key by only allowing the writing of the data intothe USB memory in the exceptional case in which it is the TPM key thatis to be written into the USB memory.

Fourth Embodiment

The information processing apparatus according to the fourth embodimentloads a USB driver saved in the storage apparatus upon transition to aservice mode, in a case where the USB usage prohibition is set. Then,notification that the USB device is in a useable state is made to thecontrol module which allows the usage of the USB device. With this, evenif the usage prohibition of the USB device is set on the informationprocessing apparatus, service information such as logs, reportinformation, and the like, can be obtained using the USB memory in acase of maintenance of the information processing apparatus by aserviceman. Note that the arrangements of the system configuration andthe multi function peripheral according to the fourth embodiment aresimilar to those of the previously described first embodiment, and soexplanation is omitted.

FIG. 14 is a block diagram for explaining a software configuration ofthe multi function peripheral 101 according to the fourth embodiment ofthe present invention. Here, while there is no particular limitation,control modules and other modules are realized by control programsstored in the storage unit 205, and by the CPU 203 executing thesecontrol programs, the functions corresponding to each module arerealized. Note that modules in FIG. 14 that are common to FIG. 3 of thepreviously described first embodiment are denoted by the same referencenumerals, and their explanation will be omitted.

The activation control module 306 executes a predetermined operationmode upon an operation of the serviceman. For example, the multifunction peripheral 101 according to the fourth embodiment has twooperation modes: the normal mode and the service mode. Here, the normalmode is a general operation mode for users, and is a mode for defaultoperation upon normal activation. The service mode is a mode forperforming special work, and is a mode for a worker (serviceman) of asupport center, or the like, performing a log or service informationobtainment operation upon maintenance work, the occurrence of amalfunction, or the like, for example. Also, transition to the servicemode is only enabled in a case where the serviceman performs apredetermined operation on the multi function peripheral 101, and theprocedure of the predetermined operation is not published to generalusers, and is only known by the serviceman.

A log management module 1401 performs management of logs relating to theoperation of the multi function peripheral 101. A report managementmodule 1402 performs management of report information of the multifunction peripheral 101. A box management module 1403 performsmanagement of a box function of the multi function peripheral 101.

FIG. 15 is a flowchart for describing control to make possible a usageof a USB device by an operation mode in a case where a USB device (herea USB memory) usage prohibition setting has been set on the multifunction peripheral 101 according to the fourth embodiment. Thisprocessing is realized by the CPU 203 executing a program deployed intothe RAM 204, but here explanation is given with the processing beingperformed by the control modules shown in FIG. 14.

In the fourth embodiment, in a case where the USB memory is notconnected to the USB I/F 209 (i.e. in a case where the connection of theUSB memory is not recognized by the USB control module 303), the UIcontrol module 301 does not display to a user a screen for performing arequest to write into the USB memory. Furthermore, in the fourthembodiment, the usage of the USB memory is made possible not just in theservice mode, but also in a case of activation in an activation mode formaintenance (hereinafter referred to as the maintenance mode). Also, inthe fourth embodiment, an example of the serviceman obtaining a log orreport information as service information in the service mode is shown.

Firstly, the activation control module 306 determines, in step S1501,whether the setting value corresponding to the maintenance mode saved inthe storage unit 205 is turned on (whether the activation is a normalactivation). Here, if it is determined that the setting value is turnedon (it is not a normal activation), the processing proceeds to stepS1502, and the USB control module 303 releases the USB usage prohibitionsetting by executing loading of the USB driver. After this, theprocessing proceeds to step S1515, notification that the loading of theUSB driver has completed is made to all of the applications by callingcallback functions, for example, and the processing completes. In thefourth embodiment, as an example of the notification to all of theapplications, the log management module 1401 (step S1901), the reportmanagement module 1402 (step S1902), and the box management module 1403(step S1903) are given as targets as is shown in FIG. 19, but thepresent invention is not limited to this.

FIG. 19 is a flowchart for describing processing of step S1515 of FIG.15 or step S1718 of FIG. 17.

Firstly, in step S1901, the log management module 1401 is notified, andnext, in step S1902, the report management module 1402 is notified.Then, finally in step S1903, the box management module 1403 is notified,and the processing completes.

Meanwhile, if it is determined that the setting value is turned off(activation in the normal mode) in step S1501, the processing proceedsto step S1503, and the USB control module 303 determines whether thesetting value saved in the storage unit 205 corresponding to the USBusage prohibition setting is turned on (whether the USB usageprohibition setting is enabled). If it is determined that the settingvalue is turned off (the USB usage prohibition setting is disabled), theprocessing proceeds to step S1502, the USB control module 303 executesthe loading of the USB driver, and the processing proceeds to stepS1515.

On the other hand, in a case where it is determined, in step S1503, thatthe setting value is turned on (the USB usage prohibition setting isenabled), the processing proceeds to step S1504 without the USB controlmodule 303 executing the loading of the USB driver. In step S1504, theactivation control module 306 determines whether or not a request fortransition to the service mode by an operation of the UI 202 isaccepted, and if such a request is accepted, the operation mode istransitioned into the service mode, and the processing proceeds to stepS1505.

In the fourth embodiment, the example of an operation on the UI 202being required as the service mode transition condition is illustrated,but alternatively, configuration may be taken so as to transition intothe service mode in a case in which it could be confirmed byauthentication that the user is the serviceman, for example.

In step S1505, the USB control module 303 executes the loading of theUSB driver similarly to step S1502. Next, the processing proceeds tostep S1506, and notification that the loading of the USB driver hascompleted by calling callback functions, for example, is made toapplications for which the usage of the USB device is allowed.

In the fourth embodiment, as examples of applications for which theusage of the USB is allowed, the log management module 1401 (step S1601)and the report management module 1402 (step S1602), as shown in FIG. 16,are given, but the present invention is not limited to this.

FIG. 16 is a flowchart for describing the processing of step S1506 ofFIG. 15.

Firstly, in step S1601 the log management module 1401 is notified, andnext, in step S1602, the report management module 1402 is notified, andthe processing completes.

Next, the processing proceeds to step S1507, and if a request that a logbe written into the USB memory is accepted from the UI 202, theprocessing proceeds to step S1508, and the log management module 1401writes a log saved in the storage unit 205 into the USB memory 210 viathe USB control module 303. Next, the processing proceeds to step S1509,and if a request for report information to be written into the USBmemory is accepted from the UI 202, the processing proceeds to stepS1510, and the report management module 1402 writes report informationsaved in the storage unit 205 into the USB memory 210 via the USBcontrol module 303. Note that in step S1507, if the log write request isnot accepted, the processing proceeds to step S1509, and in step S1509,if the report information write request is not accepted, the processingproceeds to step S1511.

In step S1511, if a request for transition to the normal mode isaccepted due to an operation from the UI 202, the processing proceeds tostep S1512, and the USB control module 303 determines whether or not theUSB memory 210 is being written into. Here, if the USB control module303 determines that the USB memory 210 is being written into, step S1512is executed until the write processing completes, and when the writeprocessing completes, the processing proceeds to step S1513, and theunloading of the USB driver is executed. When, in step S1513, theunloading of the USB driver completes, the processing proceeds to stepS1514, the activation control module 306 transitions the operation modeinto the normal mode, and the processing completes.

In this way, even in a case where the USB usage prohibition is set, theconnected USB device can be used by loading the USB driver whentransition is made into the service mode. Also, because the loaded USBdriver is unloaded when transition is made into the normal mode from theservice mode, it is possible to configure such that the normal mode is astate in which the USB usage prohibition is set.

Explanation will be given for the flow of the above control withreference to FIG. 18.

FIG. 18 depicts a view for explaining an example of a modification ofthe operation mode in the multi function peripheral 101 according to thefourth embodiment.

In a case where the USB usage prohibition is set, the USB device cannotbe used if the multi function peripheral 101 is in the normal mode, butwhen the multi function peripheral 101 transitions to the service mode,the USB driver is loaded, and notification is made to the log managementmodule 1401 and the report management module 1402 only. Also, when themulti function peripheral 101 transitions from the service mode into thenormal mode, the USB driver is unloaded.

As explained above, by virtue of the fourth embodiment, even if the USBusage prohibition is set for the multi function peripheral 101, theserviceman is able to obtain service information such as logs and reportinformation using the USB device, and it becomes possible to maintainserviceability.

Fifth Embodiment

In the previously described fourth embodiment, explanation was given foran example in which if the serviceman knows the operation on the UI 202for transitioning into the service mode, the serviceman is able to usethe USB device in the service mode. However, in the fourth embodiment,there is the risk that confidential information will be writtensimultaneously when writing the service information into the USB memoryin cases where software infected by malware is operating within thedevice. Also, there is a possibility that when the confidentialinformation within the device is written into the USB memory, this willlead to leakage of the information.

In the fifth embodiment, by firstly unmounting an area in whichconfidential information has been saved, when transitioning into theservice mode, even in a case where malicious software is operating, itis possible to prevent from writing the confidential information alongwith the service information into the USB memory. Note that thearrangement of the system configuration and the multi functionperipheral according to the fifth embodiment are similar to those of thepreviously described first embodiment, and so explanation is omitted.

FIG. 17 is a flowchart for describing processing by the multi functionperipheral 101 according to the fifth embodiment. This processing isrealized by the CPU 203 executing a program deployed into the RAM 204,but here explanation is given with the processing being performed by thecontrol modules shown in FIG. 14. Note that step S1701 to step S1714 ofFIG. 17 are similar to step S1501 to step S1514 of FIG. 15 in thepreviously described fourth embodiment. In the fifth embodiment, anexample is illustrated in which a storage area of an encryption key,which is confidential information, is firstly unmounted, but the presentinvention is not limited to this. Also, in the fifth embodiment,similarly to the fourth embodiment, the usage of the USB memory is madepossible not just in the service mode, but also in a case of activationin the maintenance mode.

In step S1701, the activation control module 306 determines whether thesetting value corresponding to the maintenance mode saved in the storageunit 205 is turned on (whether the multi function peripheral 101 isactivated in the maintenance mode). If it is determined, in step S1701,that the setting value is on (activation in the maintenance mode), theprocessing proceeds to step S1715, and the activation control module 306unmounts the storage area of the encryption key. Then, the processingproceeds to step S1702, the USB control module 303 executes the loadingof the USB driver, and the processing proceeds to step S1718. In stepS1718, the USB control module 303 makes a notification that the loadingof the USB driver has completed to all of the applications by calling acallback function, for example. In the fifth embodiment, as an exampleof the notification to all of the applications, the log managementmodule (step S1901), the report management module (step S1902), and thebox management module (step S1903) are given as targets as is shown inFIG. 19, but the present invention is not limited to this.

Meanwhile, if it is determined, that the setting value is turned off(activation in the normal mode) in step S1701, the processing proceedsto step S1703, and the USB control module 303 determines whether thesetting value saved in the storage unit 205 corresponding to the USBusage prohibition setting is turned on (whether the USB usageprohibition setting is enabled). In step S1703, if it is determined thesetting value is turned off (the USB usage prohibition setting isdisabled), the processing proceeds to step S1715, and the activationcontrol module 306 unmounts the storage area of the encryption key.Then, the processing proceeds to step S1702, the USB control module 303executes the loading of the USB driver, and the processing proceeds tostep S1718.

Also, in a case where it is determined, in step S1703, that the settingvalue is turned on (the USB usage prohibition setting is enabled), theprocessing proceeds to step S1704 without the USB control module 303executing the loading of the USB driver. In step S1704, the activationcontrol module 306 determines whether or not a request for transition tothe service mode by an operation of the UI 202 is accepted, and if sucha request is accepted, the operation mode is transitioned into theservice mode, and the processing proceeds to step S1716.

In the fifth embodiment, the example of an operation on the UI 202 beingrequired as the service mode transition condition is illustrated, butalternatively, configuration may be taken so as to transition into theservice mode in a case in which it could be confirmed by userauthentication that the user is the serviceman, for example. In stepS1716, the activation control module 306 unmounts the storage area ofthe encryption key. Then, the processing proceeds to step S1705, the USBcontrol module 303 executes the loading of the USB driver, and when theloading of the USB driver is completed, the processing proceeds to stepS1706. In step S1706, the USB control module 303 makes a notification tothe applications for which the usage of the USB is allowed by calling acallback function, for example.

In the fifth embodiment, similarly to the fourth embodiment, as examplesof the applications for which the usage of the USB device is allowed,the log management module (step S1601), and the report management module(step S1602) are made to be the targets as is shown in FIG. 16, but thepresent invention is not limited to this.

Next, the processing proceeds to step S1707, it is determined whether ornot a request to write a log into the USB device is accepted from the UI202, and if such a request is accepted, the processing proceeds to stepS1708, and the log management module 1401 writes a log saved in thestorage unit 205 into the USB memory 210 via the USB control module 303.Here, even if malicious software attempts to write the encryption keyinto the USB memory 210, the software cannot access the encryption keybecause the area is unmounted.

Next, the processing proceeds to step S1709, and it is determinedwhether or not a request for report information to be written into theUSB memory is accepted from the UI 202, and if such a request isaccepted, the processing proceeds to step S1710. In step S1710, thereport management module 1402 writes report information saved in thestorage unit 205 into the USB memory 210 via the USB control module 303.

Next, the processing proceeds to step S1711, and it is determinedwhether or not a request for transition to the normal mode made by anoperation of the UI 202 is accepted, and if such a request is accepted,the processing proceeds to step S1712, and the USB control module 303determines whether or not the USB memory 210 is being written into.Here, when the USB control module 303 determines that the USB memory 210is being written into, step S1712 is executed until the write processingcompletes, and when the write processing completes, the processingproceeds to step S1713, and the unloading of the USB driver is executed.Then the processing proceeds to step S1717, and the activation controlmodule 306 mounts the storage area of the encryption key. Next, theprocessing proceeds to step S1714, the activation control module 306transitions the operation mode into the normal mode, and the processingcompletes.

As explained above, according to the fifth embodiment, even in a casewhere malicious software is operating, further security strengtheningcan be achieved by preventing confidential information from beingwritten into the USB memory along with the service information.

OTHER EMBODIMENT

Embodiment(s) of the present invention can also be realized by acomputer of a system or apparatus that reads out and executes computerexecutable instructions (e.g., one or more programs) recorded on astorage medium (which may also be referred to more fully as a‘non-transitory computer-readable storage medium’) to perform thefunctions of one or more of the above-described embodiment(s) and/orthat includes one or more circuits (e.g., application specificintegrated circuit (ASIC)) for performing the functions of one or moreof the above-described embodiment(s), and by a method performed by thecomputer of the system or apparatus by, for example, reading out andexecuting the computer executable instructions from the storage mediumto perform the functions of one or more of the above-describedembodiment(s) and/or controlling the one or more circuits to perform thefunctions of one or more of the above-described embodiment(s). Thecomputer may comprise one or more processors (e.g., central processingunit (CPU), micro processing unit (MPU)) and may include a network ofseparate computers or separate processors to read out and execute thecomputer executable instructions. The computer executable instructionsmay be provided to the computer, for example, from a network or thestorage medium. The storage medium may include, for example, one or moreof a hard disk, a random-access memory (RAM), a read only memory (ROM),a storage of distributed computing systems, an optical disk (such as acompact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™),a flash memory device, a memory card, and the like.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all such modifications and equivalent structures andfunctions.

This application claims the benefits of Japanese Patent Application No.2013-240257, filed Nov. 20, 2013, and Japanese Patent Application No.2014-115316, filed Jun. 3, 2014, which are hereby incorporated byreferences herein in their entirety.

1.-14. (canceled)
 15. An information processing apparatus, comprising: aUSB interface capable of connecting to and disconnecting from aremovable storage medium; and at least one processor coupled to a memorydevice and programmed to provide: a setting unit configured to perform asetting for prohibiting use of the USB interface; and a controllerconfigured to prohibit the use of the USB interface in a firstactivation mode in accordance with a first activation operation by auser, in a case where the setting for prohibiting the use of the USBinterface is set by the setting unit, and to permit the use of the USBinterface in a second activation mode in accordance with a secondactivation operation by the user, in a case where the setting forprohibiting the use of the USB interface is set by the setting unit. 16.The information processing apparatus according to claim 15, wherein thecontroller releases the prohibition for the use of the USB interface byloading a USB driver in accordance with making a transition from thefirst activation mode to the second activation mode.
 17. The informationprocessing apparatus according to claim 15, wherein the controller setsthe prohibition for the use of the USB interface by unloading a USBdriver in accordance with making a transition from the first activationmode to the second activation mode.
 18. The information processingapparatus according to claim 15, wherein the at least one processor isfurther programmed to provide: an activation control unit configured to,in a case that the controller cancels the prohibition for the use of theUSB interface, unmount an area storing confidential information, and ina case that transition is made from the second activation mode to thefirst activation mode, mount the area.
 19. The information processingapparatus according to claim 15, wherein the second activation mode is amode in which the information processing apparatus is able to executeprocessing for writing log information indicating processing of theinformation processing apparatus into the removable storage medium. 20.The information processing apparatus according to claim 15, wherein thesecond activation mode is a mode in which the information processingapparatus is able to execute processing for writing report informationinto the removable storage medium.
 21. The information processingapparatus according to claim 15, wherein the first activation mode is anormal mode and the second activation mode is a special mode differentfrom the normal mode.
 22. The information processing apparatus accordingto claim 21, wherein the special mode is a service mode or a maintenancemode.
 23. The information processing apparatus according to claim 15,wherein the setting for prohibiting the use of the USB interface isapplied after a backup processing of a TPM (Trusted Platform Module)key.
 24. The information processing apparatus according to claim 15,further comprising a print device.
 25. A method of controlling aninformation processing apparatus having a USB interface capable ofconnecting to and disconnecting from a removable storage medium, themethod comprising: setting a setting for prohibiting use of the USBinterface; prohibiting the use of the USB interface in a firstactivation mode in accordance with a first activation operation by auser, in a case where the setting for prohibiting the use of the USBinterface is set by the setting unit; permitting the use of the USBinterface in a second activation mode in accordance with a secondactivation operation by the user, in a case where the setting forprohibiting the use of the USB interface is set by the setting unit. 26.The method according to claim 25, further comprising releasing theprohibition for the use of the USB interface by loading a USB driver inaccordance with making a transition from the first activation mode tothe second activation mode.
 27. The method according to claim 25,wherein in the controlling, the prohibition for the use of the USBinterface is set by unloading a USB driver in accordance with making atransition from the first activation mode to the second activation mode.28. The method according to claim 25, further comprising: in a case thatthe prohibition for the use of the USB interface is cancelled,unmounting an area storing confidential information, and in a case thattransition is made from the second activation mode to the firstactivation mode, mounting the area.